Monday, January 25, 2016

A riverine patrol boat from Costal Riverine Squadron 2 escorts the
guided-missile cruiser USS Bunker Hill (CG 52) while in the Arabia Gulf
in this November 15, 2014 handout photo, provided by the U.S. Navy,
January 12, 2016.

Ten sailors aboard two U.S. Navy riverine patrol boats
were seized by Iran in the Gulf on Tuesday, and Tehran told the United
State the crew members would be promptly returned, according to U.S.
Officials.

From CSMonitor by Dana A. GowardIn 2011, Iran spoofed – or faked – Global Positioning System signals to send a CIA drone off course.Did it do the same to trick Navy vessels into Iranian waters?

As images of captured American sailors competed with those of the President Obama during the State of the Union address Tuesday, viewers across the world asked: "How could this happen?"
The world’s most powerful nation with the most advanced navy had been embarrassed on the same day as the president's speech.

After a series of other
implausible explanations, the Department of Defense settled on the
explanation that the crews on both boats "misnavigated."
That in the
middle of their trip between Kuwait and Bahrain the two boats
accidentally went more than 50 miles out of their way to venture into
Iranian waters.
But were they really that poorly trained and
inattentive?
Is the navigation equipment in the world’s best navy that
poor?
And was it just a coincidence it all happened on the day of the
president’s address?
Or was something much more deliberate – and
potentially troubling – to blame?

Iran has demonstrated in the past that it has the capability – and the
will – to exploit a critical and broad vulnerability in our key
navigation system – the Global Positioning System, or GPS.
In 2011, Iran
manipulated GPS systems on a CIA surveillance drone to send it off course and capture it.

Now, at a time when elements in Iran are feeling their power and
prestige diminish after Tehran agreed to the US-led pact to limit the
country's nuclear program, the Islamic Republic could once again flex
its muscles and show it has the wherewithal to toy with nearby Navy
crews.
And, as the US government is well aware, the GPS network that both drivers and sailors rely on remains vulnerable to attacks.
Powered
by solar panels and some 12,000 miles above the earth, GPS satellites
broadcast very weak signals that are easy to block or jam.
Over the past
few years, illegal jamming by criminals and terrorists trying to hide
their whereabouts has become an increasing threat to those signals.
But perhaps more worrisome, GPS signals and receivers can also be spoofed, or faked.
This involves the spoofer sending a bogus signal that
can fool GPS receivers, allowing the attacker to trick the device into
thinking it's in another location.
Iran claims to have used that
technique in 2011 to redirect a CIA surveillance drone from Afghanistan.
Their claim was credible at the time as they clearly had possession of
the undamaged drone.

Military Global Positioning System (GPS) signals have long been encrypted to prevent counterfeiting and unauthorized use.

Civil GPS signals, on the other hand, were designed as an open standard, freely-accessible to all. These virtues have made civil GPS enormously popular, but the transparency and predictability of its signals give rise to a dangerous weakness: they can be easily counterfeited, or spoofed. Like Monopoly money, civil GPS signals have a detailed structure but no built-in protection against counterfeiting.

Civil GPS is the most popular unauthenticated protocol in the world.The vulnerability of civil GPS to spoofing has serious implications for civil unmanned aerial vehicles, or UAVs.

This was demonstrated in June, 2012 by a dramatic remote hijacking of a UAV at White Sands Missile Range.

The demonstration was conducted by the University of Texas Radionavigation Laboratory at the invitation of the Department of Homeland Security.

It became much more credible several months
later when Prof. Todd Humphreys and his students at the University of
Texas showed how it was done.
In a live demonstration in 2013, they took
over the navigation system of a large yacht in the Mediterranean.
Now,
hackers are even selling spoofing kits.

For the 2015 DEF CON hacking
conference in Las Vegas, a Chinese researcher sold equipment and
published step-by-step instructions for building a spoofing device for
about $300.
The loss of the CIA drone in 2011 should have been a
wake-up call for the US military that GPS needs more safeguards.
That
incident was yet another warning sign that's gone ignored.
But
even presidential mandates meant to protect GPS have been ignored over
the years.

In 1998, President Clinton became concerned about America’s
growing reliance on GPS for navigation.
He directed the Department of
Transportation to study the issue and make recommendations.
Those
recommendations, which called for improving receivers, developing
interference detection networks, and developing non-satellite navigation
systems for use alongside GPS, came out just 12 days before 9/11.
Most
of them, understandably, were tabled.

Then, in 2004, the Bush
administration began to focus on GPS's other functions – providing
highly precise timing signals for synchronizing telecommunications and
IT networks, financial systems, and power grids.
President Bush issued a presidential directive that
identified GPS services as essential to the nation’s critical
infrastructure, security, and economy.
Among its provisions to protect
GPS, it directed acquisition of a "back-up system" to serve the nation
in the event of a GPS disruption.
President Obama later reaffirmed
that directive and has issued several additional presidential orders
designed to make the nation’s critical infrastructure more resilient.
The
Obama administration has also continued to voice significant concerns
about GPS vulnerability. Department of Homeland Security officials have
called GPS "a single point of failure for critical
infrastructure."
Secretary of Defense Ashton Carter has said he wants to
"unplug the military from GPS."

But plans to construct a land-based GPS backup system remain dormant.
Studies have shown that, for about $50 million a year, a system known as
eLoran could provide a signal more than 1.3 million times stronger than
GPS.
And, importantly, the signal is incredibly difficult to jam or spoof.
The deputy secretaries of both the Department of Defense and Department
of Transportation have spoken out in favor of such a system.
Yet
nothing has been done.
Similar systems are currently being used by Russia, China, South Korea,Britain, Saudi Arabia, and even Iran.

We
may never know what truly led two Navy vessels into Iranian waters –
the Iranians confiscated the boat’s GPS navigation suites before they
were released.
But all the reasons that have been offered to the press
seem unlikely.
Small Navy vessels like these have multiple and redundant
systems, and usually travel in pairs or small groups specifically to
avoid having a single point of failure threaten their mission.
But the
incident is once again an important reminder that GPS as a single point
of failure can cause significant problems for America, the least of
which are minor embarrassments like this one.
Officials in the
Obama administration have said they are going to act and address this
problem.
Let’s hope that they – and the administration that comes next –
follow through on presidential commitments and finally do something to
safeguard GPS for everyone.